Note: We raised the following in the General Forum but were advised to repeat it here…
Q1. This question relates to wildcard certificate renewal and how to bring the renewed wildcard certificate into effect.
The steps taken so far are as follows:
1. Having renewed and installed our wildcard certificate we now have two wildcard certificates on our Windows 2003 server for the same *.domain.com; one of which is about to expire. Although the new wildcard certificate is a renewal of the existing one, it appears to be essentially a distinct new certificate, with both certificates coexisting on the same server.
2. Two web sites have been configured in IIS6 to use the new certificate: the first is a new temporary web site which was created specifically to generate the certificate renewal request, and the other an existing web site which initially used the old certificate. The secure binding of each web site has been reset using the standard command form below, and the corresponding application pools restarted:
cscript adsutil.vbs set /w3svc/nnnnnnnnn/SecureBindings ":443:SiteName.domain.com"
The problem is this:
When either of the above two web sites is visited via a browser, the browser always shows the old certificate is being used and not the new one. However, the IIS6 properties of both web sites confirm they are configured to use the new certificate.
Can anyone suggest how to mobilize or activate the new wildcard certificate on the server so it is correctly delivered to the browser?
Q2. There also exist several other web sites currently using the old wildcard certificate which have not yet been reconfigured, and which may be the root of the problem. Until now we have used the *Replace the current certificate* option in IIS6 to change to the new certificate. But presumably it is also possible to first *Remove the current certificate* then *Assign an existing certificate* to achieve the same effect. However, the concern with *Remove the current certificate* is the comment in IIS6 which says *To remove this certificate from your SERVER and store it for later use, click Next* which is a little disturbing (!) although it does not appear to actually remove the certificate from the server. But this does raise the question as to whether the old wildcard certificate should in fact be totally deleted from the server, and how to do this.
So, can anyone provide the correct procedure for reconfiguring the remaining web sites to use the new certificate?
Thanks in advance.
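A way to see which certificate the server is really handing out, as an added example that is not part of the original post: it fetches the leaf certificate presented on each server IP and compares its SHA-1 thumbprint with the thumbprint shown on the new certificate's Details tab in the Windows certificate dialog. IIS6 picks the SSL certificate by IP address and port rather than by host header (it has no SNI), so the check is done per IP; the SITES map, the IP addresses and EXPECTED_THUMBPRINT are placeholders to replace with your own values.

```python
"""Report which certificate an IIS6 server actually presents on each IP:443."""
import hashlib
import ssl
import sys

# Constructed placeholders: web site name -> the IP address its SecureBindings
# entry resolves to. IIS6 selects the certificate per IP:port, so two sites on
# the same IP:443 can only present one certificate between them.
SITES = {"SiteName.domain.com": "192.0.2.10", "Other.domain.com": "192.0.2.11"}
# Placeholder: paste the renewed certificate's Thumbprint (Details tab) here.
EXPECTED_THUMBPRINT = "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"


def normalize_thumbprint(value: str) -> str:
    """Accept the Windows display form ('a1 b2 c3' or 'A1:B2:C3') and return lowercase hex."""
    return "".join(ch for ch in value.lower() if ch in "0123456789abcdef")


def pem_thumbprint(pem: str) -> str:
    """SHA-1 over the DER encoding, which is the value Windows labels 'Thumbprint'."""
    return hashlib.sha1(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def presented_is_expected(pem: str, expected_thumbprint: str) -> bool:
    """True when the presented certificate is the one whose thumbprint was expected."""
    return pem_thumbprint(pem) == normalize_thumbprint(expected_thumbprint)


def fetch_presented_pem(ip: str, port: int = 443) -> str:
    """Retrieve the presented leaf certificate as PEM without validating it,
    so an expired or about-to-expire certificate is still reported, not rejected."""
    return ssl.get_server_certificate((ip, port))


# Constructed sample: DER bytes b"abc" wrapped as PEM. Not a real certificate;
# it only lets the thumbprint logic be exercised offline.
CONSTRUCTED_PEM = ssl.DER_cert_to_PEM_cert(b"abc")


def main(argv):
    expected = argv[1] if len(argv) > 1 else EXPECTED_THUMBPRINT
    for site, ip in SITES.items():
        pem = fetch_presented_pem(ip)
        verdict = "NEW" if presented_is_expected(pem, expected) else "OLD/OTHER"
        print(f"{site:28} {ip:15} {pem_thumbprint(pem)}  {verdict}")


if __name__ == "__main__":
    main(sys.argv)
```

Run it from any machine with network access to the server, passing the thumbprint as the first argument; a site that reports OLD/OTHER shares its IP:443 with a site still bound to the old certificate.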